Abstract
Artificial intelligence is increasingly discussed and explored within national security practices, offering intelligence agencies new opportunities while raising significant operational, legal, and ethical dilemmas. This article analyzes how professionals (N = 10) working in and around the Dutch intelligence and security domain make sense of artificial intelligence in the multi-agency policing of hybrid threats, while navigating tensions between national security and fundamental rights. Centered analytically on the General Intelligence and Security Service (AIVD), this article draws on qualitative empirical material and document analysis focusing on the AIVD’s role within the contemporary intelligence–policing matrix. The study adopts an abductive, interpretive approach to uncover how artificial intelligence is understood, implemented, and justified in a context of legal constraint and democratic accountability. The findings show that artificial intelligence is interpreted simultaneously as operationally indispensable and inherently risky. Meaning, it enhances analytic precision while also producing uncertainty, bias, and epistemic ambiguity. Practitioners therefore deploy artificial intelligence cautiously, relying on legal safeguards, human oversight, and incremental experimentation to preserve legitimacy. The analysis conceptualizes this ambivalence as a form of artificial intelligence liminality, in which professionals operate between innovation and restraint, efficiency and accountability. The article concludes that sense-making is central to how artificial intelligence acquires meaning and power in intelligence work, shaping both its use and the ethical boundaries that govern it, and discusses future research directions and governance implications.
Keywords
Introduction
Despite being a small country, the Netherlands holds a key position as a highly advanced knowledge economy in today’s multipolar world, concentrating strategic information flows, technological know-how, and logistical chokepoints within a geographically compact state. It attracts international collaboration while serving as a hub of high-value targets, ranging from the semiconductor supply chain provided by ASML 1 to the international justice institutions clustered in The Hague, and from Europe’s largest seaport in Rotterdam to critical energy and NATO infrastructure (Eski et al., 2024). The country’s high-tech role is also an attractive, high-return objective for foreign intelligence services and hybrid threat actors seeking political leverage, economic advantage, or disruptive (cyber)capacity (NCTV, 2024). In addition, the Netherlands’ exposure to Russian and other foreign intelligence services was heightened in 2014, when the Dutch General Intelligence and Security Service (AIVD) gained access to a Russian hacking outfit widely reported as Cozy Bear (Noack, 2018).
Such activities fall under the broad, context-dependent concept of hybrid threats, which encompasses various actions, such as espionage, disinformation, cyber operations, manipulating elections, and other state as well as non-state interventions that occur above or below the threshold of armed conflict (Fleming, 2011; Hoffman, 2007; Sari, 2024). In this study, the term serves as an umbrella concept to guide our (theoretical) understanding of how Dutch intelligence professionals perceive, prioritize, and respond to complex, multi-domain threats while recognizing that operational definitions vary across contexts (cf. Eski et al., 2024; Kok et al., 2024). Recent Dutch intelligence disclosures and national security assessments show that these threats are not hypothetical: state actors are actively harvesting economic secrets, probing defensive networks, and preparing options for disruption (AIVD, 2025).
Hence, enabled by its high-tech prowess and exposed by the same, the Netherlands is indispensable to, as well as, relies on Western security itself (Kok et al., 2024). In particular, in a multipolar security environment in which Russia and China increasingly use espionage, criminal intermediaries, influence operations, and technical sabotage interchangeably and interactively, the case of the Netherlands forms a paradox of contemporary deterrence, entailing how small-territory, high-value polities are both deeply integrated into alliance structures that amplify their strategic importance and are uniquely exposed to asymmetric (digital) coercion, aggravated by artificial intelligence (AI).
“In modern warfare, AI decides who will die” (Dorsey and Bo, 2025), and although not referring to hybrid threats per se, the cited statement reflects a broader reality, which is the growing influence of AI on matters of everyday life that also increasingly permeates the domain of national security and policing.
To an extent, AI offers new opportunities for strengthening national security, as Dutch intelligence and security agencies acknowledge. In their annual joint reporting on the threat landscape of the Netherlands of 2023, paying special attention to the enhancement of all kinds of threats (not just hybrid ones) by AI, the AIVD, the Military Intelligence and Security Service (MIVD), and the National Coordinator for Counterterrorism and Security (NCTV) emphasize that AI, next to a potential risk, can be a strategic advantage against those threats. In using it as such, security agencies face the challenge of harnessing AI as technological innovation while remaining within the boundaries of a democratic rule of law, where principles such as accountability, oversight, and respect for fundamental rights must be upheld.
There is growing public concern about the use of AI by government institutions. Several warnings have been made by Amnesty International (2024) that AI can endanger privacy, transparency, and fundamental rights, even leading to algorithmic discrimination, thus greater accountability and oversight should be deployed (Alon-Barkat et al., 2025; the Rathenau Institute, 2017). The intelligence services have also made use of AI, which transforms their strategic and operational landscape, raising questions about human control, institutional legitimacy, and the adequacy of existing legal frameworks. The Dutch “watchdog” Review Committee on the Intelligence and Security Services (CTIVD, 2024) launched an investigation into the use of AI for bulk data analysis by the AIVD and MIVD. They expressed concern about potential infringements on privacy and proportionality, given how AI systems often (purposively) operate as black boxes (Burrell, 2016), obscuring decision-making processes and complicating democratic oversight (WRR, 2021).
Moreover, the Dutch intelligence services’ confrontation with AI, whether as friend or foe, is amplified due to challenges that extend beyond national borders. In the global technological race, in particular China and the United States use AI as a strategy in security and geopolitics. China considers AI as vital for its economic growth and social control (Allen, 2019), whereas the United States has a more market-driven approach in which corporations dominate technological advancement (Zegart et al., 2019). The European Union, in contrast, attempts to balance innovation and regulation through the AI Act (European Union (EU), 2024) by having introduced a risk-based legal framework that ought to give transparency and protection of fundamental rights. In this international context that is highly volatile, the Netherlands and its intelligence service attempt to define their strategic stance on AI in relation to national security.
To clarify what is meant by “artificial intelligence” in this study, a minimal working typology assists in reflecting on how practitioners understand AI and how it is used in practice. Within the intelligence and multi-agency policing domains generally, AI consists of various tools and applications. First, there are analytic decision-support systems that can assist analysts in recognizing patterns, prioritizing information, and assessing risks, as the US intelligence agency, the National Security Agency (NSA) uses it (cf. Harding, 2024). Second, automation tools could be used to take over repetitive tasks, such as monitoring data streams or generating alerts, while third, automated processing tools can become AI-enhanced to handle large secret and publicly available, vis-à-vis Open-Source Intelligence (OSINT), data in order to detect trends, potential threats, or anomalies, as seen with the British secret services MI5 and MI6 (cf. Agenzia Nova, 2023; Commissie van Toezicht op de Inlichtingen- en Veiligheidsdiensten (CTIVD), 2021; Sabbagh, 2020). Fourth, generative AI systems could produce synthetic content, for example, to create and simulate scenarios or generate intelligence hypotheses, as is currently used by the CIA and Israeli Intelligence Corps Unit 8200, for example (Konkel, 2024; Mitchell, 2024). Next to analysis, AI technologies, such as autonomous chatbots, AI-driven robots, or so-called anti-conspiracy bots, can be deployed during operational activities, including infiltration, intelligence-gathering, and interventions to prevent radicalization (Wals et al., 2025).
Although this quick-and-dirty typology is not exhaustive as it does not capture every nuance of AI as a socially constructed phenomenon, it does offer a practical lens for understanding how Dutch intelligence professionals interpret and deploy AI in their everyday work, thereby serving as a reference point for coding and interpreting the collected interview and document data.
Against this backdrop, therefore, this study explores how Dutch intelligence and security organizations interpret and apply AI in their daily work, because these developments cannot be understood through a technological, geopolitical, national security, or legal perspective alone. Security practices, including those involving AI, are shaped by how institutions and their workers make sense of emerging (cyber)threats by defining risks, justifying interventions, and constructing legitimacy (Gallagher, 2019; Manning, 1997; Tapanainen, 2017). This means that national security is as much about interpretation as capability, in which security actors understand AI as risk, promise, or necessity, altogether shaping their own social (and theoretical) constructions (cf. Rowley and Weldes, 2012), attitudes, and activities (cf. Eski, 2016; Staring et al., 2019), including policing practices, policies, technologies, and ethical boundaries (Amoore, 2020). It reveals how security, policing, and surveillance logics are constructed as well as are contested, while technological power gains legitimacy (Jasanoff, 2004, 2017; Schuilenburg, 2025). Consequently, attention must focus not only on innovation but also on the meanings that organizations and their members ascribe to security and insecurity in relation to AI.
By studying sense-making processes within intelligence services and the multi-agency policing networks they participate in, this study focused on how the Dutch intelligence service considers and deals with legitimacy and with operational demands in AI-driven and AI-enhanced times, where governance increasingly relies on data, algorithms, and anticipatory logic (Morison, 2020). Therefore, the central research question that guided the study was as follows: How does the Dutch intelligence service (AIVD) interpret and deploy Artificial Intelligence (AI) in multi-agency policing responses to hybrid threats, and how do they navigate the resulting tensions between national security and fundamental rights?
This means that understanding AI in this context requires examining how intelligence professionals make sense of AI as both an operational capability and a source of democratic tension. Placing professional meaning-making at the center of analysis, this study aimed to contribute to a deeper understanding of how AI is interpreted, implemented, and justified in the intelligence service practices, which is traditionally a highly closed-off, hard-to-reach community (Nolan, 2018), a challenge this study also encountered. Given the limited number of participants (N = 10), a theoretical approach was required both for analytic depth and for extending insights beyond the sample (Adler and Adler, 1987). By framing the analysis through (interpretive) theory on sense-making, the study focused on the institutional logics, shared narratives, and the sense-making processes themselves that shape AI use in multi-agency intelligence and policing work, through which the findings reach beyond the immediate small set of participants (Eski, 2022; Rowley and Weldes, 2012).
We anticipate that studying how intelligence agencies respond to AI offers insights that are directly relevant for criminology and policing studies, as well as broader security studies. It also reflects the growing convergence between these fields (cf. Loader and Percy, 2017), showing once more how criminology, policing, security, and intelligence studies are increasingly addressing shared questions about AI, governance, operational ethics, and societal resilience in late-modern, hybrid threat ecosystems.
This article proceeds as follows: first, by considering theory that focuses on sense-making under conditions of technological change and security governance. Second, it presents the methodological approach and fieldwork among Dutch intelligence and security professionals. Third, the findings are analyzed along three key dimensions of how AI is made sense of in practice: as a technological enabler, as a governance challenge, and as a geopolitical catalyst. The conclusion and discussion then synthesize these insights to show how professionals navigate tensions between national security and fundamental rights in an AI-driven security environment.
Liquid intelligence? Some theoretical notions for empirical understanding
To study the sense-making of AI by intelligence services in a network of security and policing agencies, AI has been understood through its immersion within a broader social, technological, and governance context where it shapes and is shaped by late-modern conditions of (existential) uncertainty, technological acceleration, and shifting notions of accountability, and thus of fluidity, instability, and a pervasive sense of insecurity (Bauman, 2000). This theoretical lens allows us to examine how professionals make sense of AI under conditions where security demands, technological affordances, and democratic values are continuously in tension. To a degree, AI is the pinnacle of how traditional structures and certainties have dissolved, producing anxiety and a desire for control, while surveillance, once exceptional, has become an enduring feature of social life. AI fits seamlessly into a culture of risk management, because it promises security and predictability yet simultaneously amplifies feelings of uncertainty (Bauman and Lyon, 2013), making it a risk category that is increasingly self-produced through technological and institutional development (Beck, 1992). Meanwhile, (negative) globalization and individualization create systemic vulnerabilities that are difficult, if not impossible, to predict or contain, compelling institutions such as intelligence agencies to reflect on their own practices and technologies while being held responsible for managing emerging risks.
Operating in a multi-agency policing network, a diffusion of responsibility could give rise to what Beck (1992) defined as organized irresponsibility. Once applied to how intelligence services operate in such a multi-agency network of policing actors in which accountability is formally shared, it becomes unclear who can be held accountable for the consequences of AI, even if responsibilities may be formally assigned yet no single actor can fully explain or control how AI operates. The result is a governance paradox in which AI is treated as both necessary and ungovernable/unpoliceable.
Being, in that sense, a classic wicked problem (Rittel and Webber, 1973), the deployment of AI by intelligence services becomes a complex and normative (and thus intrinsically a sense-making) challenge with no clear solution, while those handling it must navigate uncertainty, fragmented accountability, and societal expectations of control – an illusion of control, perhaps – even as they depend on technologies they only partially or not at all understand. Moreover, from a technological-determinist perspective (Baltezarević, 2024; Winkel, 2025), AI is not a neutral instrument but an active force that is shaped by and also shapes political and institutional realities. Once applied to intelligence work, AI not only supports analysis but also influences what counts as relevant intelligence information and which risks are rendered visible, resulting in technology that steers priorities and executes policing tasks that often violate the private lives of ordinary citizens (Schuilenburg, 2025). AI use then risks producing hyper-technocratic decision-making that is fully detached from ethical and legal reflection, while having significant, if not severe, ethical and legal consequences itself (Mateen, 2018). In intelligence contexts, this means that algorithmic tools determine not only what is known but also what is considered knowable, also by prioritizing efficiency, prediction, and control that may conflict with transparency or democratic oversight.
AI, therefore, takes an ambivalent position in security realms, where it functions as both an enabler of security and a potential threat (Allen et al., 2017; Schneier, 2016; Zegart et al., 2019). AI enables faster data-processing and data-pattern recognition, but it also introduces risks such as (racial) bias, error propagation, and privacy intrusion (Hobart, 2025). These risks create tensions within the same system, for example between efficiency and accountability or between innovation and control. At the same time, AI is often securitized as essential for national security, even though it can undermine democratic values (Schuilenburg, 2015). This means AI transforms the logic of governance and policing itself through technological determinism, algorithmic governance, and securitization in which the intelligence services not only use AI but also construct its meaning within broader political, ethical, and societal narratives.
On a final theoretical note, such sense-making happens in what has been referred to as a post-truth era where facts are increasingly overshadowed by emotions and narratives, and to which AI systems contribute: they can both detect and generate misinformation, complicating the distinction between truth and manipulation (McIntyre, 2018). Generative AI can even create an “illusion of knowledge” by offering a compelling but potentially deceptive representation of reality (Hicks et al., 2024). For intelligence services, this raises epistemological dilemmas: how can truth be verified when the tools used to analyze can also distort it?
AI technology therefore reveals how governance through it intersects with post-truth dynamics in which knowledge, power, and legitimacy are co-produced, embodying implicit norms that shape decision-making (Leenes, 2019; Mateen, 2018). When combined with societal mistrust and limited transparency, these embedded logics can undermine institutional legitimacy. Intelligence agencies must therefore not only act effectively and lawfully but also maintain public trust by operating ethically and guaranteeing accountability.
In sum, theoretically, AI emerges as more than a technological instrument; it is liquid in Baumanian terms, as much as it amplifies the already liquid livelihoods. It is a deeply normative and socially embedded phenomenon that redefines the boundaries of governance, legality, and truth. In the late-modern, post-truth society, intelligence services then face a double imperative: they must (1) act swiftly to counter evolving (hybrid) threats to the democratic values they have sworn to protect, but (2) without becoming a threat to democratic accountability and fundamental rights. AI, in that sense, seems to intensify the reflexive nature of intelligence services in a volatile, multipolar world that is increasingly facing hybrid threats, while it compels them to question their own tools and assumptions, and while remaining responsible for managing the risks those tools create. Moreover, AI-system integration reshapes security decision-making itself, embedding algorithmic logics that prioritize prediction and control, while accelerating the pace of technological innovation that exposes the limits of legal and ethical frameworks, challenging the legitimacy of intelligence practices in the digital age.
How professionals within Dutch intelligence in collaboration with security organizations in multi-agency policing networks interpret, justify, and navigate this duality of AI in their daily work is what has been the focus during fieldwork.
Methodology
An abductive “Verstehen” of AI sense-making
Given the novelty and complexity of AI in intelligence practice, the research design is exploratory and qualitative, seeking depth of understanding rather than breadth or statistical generalization. A social-constructivist approach was adopted, which fine-tuned fieldwork toward retrieving a Verstehen or interpretative understanding (Eski, 2016; Ferrell, 2018), in this case, of how intelligence and policing professionals in the Netherlands make sense of and give meaning to AI in their daily work that influences their professional choices and practice (e.g. Staring et al., 2019). This means that, rather than treating AI, security, or threat as fixed categories, these concepts are approached as socially constructed and continuously negotiated within organizational, political, and legal settings in which the interviewed professionals work. The Verstehen-based methodological toolset therefore allowed for collecting data on “nuances of a group’s elegant knowledge and shared emotion [that] must be contextualized within larger social and historical moments and within the larger social and legal forces that in some ways shape this knowledge and emotion” (Ferrell, 2018: 154). An abductive logic guided the research process (Van Hulst and Visser, 2024), allowing theory and data to inform one another (re)iteratively, thus shaping the initial interview protocols that were refined as new themes emerged. Such an abductive interplay enabled continuous reflection on how theoretical insights resonated or clashed with the practitioners’ perceptions and lived realities.
Data collection and analysis
While the focus of fieldwork (N = 10) was centered on the Dutch General Intelligence and Security Service (AIVD), it was complemented by interviews as well as focus groups with professionals from the National Coordinator for Counterterrorism and Security (NCTV), the National Police, the Review Committee on the Intelligence and Security Services (CTIVD), and the Ministry of Justice and Security. This led to an in-depth analysis of rich data on how AI is operationalized and legitimized – socially construed (Gilad, 2021) – by the AIVD, while the inclusion of related organizations provides additional insight into oversight, coordination, and policy development.
Access was established through purposive contact and, where appropriate, convenience and snowball sampling, as is commonly done in cases of hidden and hard-to-reach occupational communities in highly confidential and secretive environments (cf. Ochs, 2011; Wright, 2022). Admittedly, the number of interviews was limited. However, the diversity of organizations and roles provided a valid basis to gather empirical context-specific insights into strategic and security-sensitive environments. This depth, situational context, and institutional embeddedness are more valuable than generalizability (Eski, 2022; Guest et al., 2006). More specifically, the small sample itself narrated a crucial point about this partly closed field. It was notable that there was much uncertainty, institutional caution, and normative tension regarding the topic of AI (WRR, 2021; Zegart et al., 2019), resulting in some organizations not being able or willing to comment, which reveals a cautious and elusive nature of discourse on AI in security domains (Allen et al., 2017; Schneier, 2016). Acknowledging these dynamics not only strengthened this study’s validity and reliability but also informed the Verstehen of the research population itself.
Data were collected through semi-structured interviews, focus groups, and a targeted document analysis (Palinkas et al., 2013) to retrieve participants’ “policing in the books” and “policing in action” (see Holdaway, 1985: 25) perceptions and practices regarding AI. For the “policing in action,” interviews and focus groups were conducted with professionals working at strategic, policy, analytical, and operational levels across the participating organizations. Within the AIVD, two small group interviews were held; interviews with the NCTV, Police, a former CTIVD member, and the Ministry were conducted individually. Interview and focus group protocols balanced comparability with openness and were structured around sense-making and sensitizing concepts (Bowen, 2006), such as “risk,” “proportionality,” “technological affordances,” and “democratic oversight.”
Given the sensitivity of the research context, participants explicitly requested, and the authors guaranteed, that no information included in any publication could enable traceability or deductive disclosure. Interviews and focus groups were audio-recorded and transcribed verbatim, if permitted. If not, a note-taker ensured accuracy and completeness within confidentiality constraints. To ensure that all participants’ anonymity is safeguarded, all identifying information was anonymized and traceable details were excluded from the data. Consequently, methodological detail is reported only in aggregated form, and no disaggregated information is provided regarding organizational affiliation, participant distribution, or specific data collection formats. Finally, no direct quotations are included in the findings section.
For the “policing in the books” and serving a complementary purpose, a document analysis situated practitioner insights within broader policy governance discourses. Reports and research advisories were compiled, including documents from the AIVD, MIVD, NCTV, CTIVD, the Rathenau Institute, and the Dutch Scientific Council for Government Policy (WRR) that addressed AI’s role in national security, ethics, and public values. As such, the two data sources provided a multilayered perspective on how AI is discussed, interpreted, and regulated in the Dutch national security domain.
The data analysis was done (re)iteratively, integrating collection, (re)coding, and (re)interpretation (Bosch, 2012; Williams and Moser, 2019). Whereas interviews underwent initially open and then axial and selective coding, adhering to abductive analysis principles (Thomas, 2006) to produce themes such as “AI and national security” and “legal and ethical differences,” there was a thematic document analysis of policy, oversight reports, and strategic advice that provided context and complemented interviews. Eventually, a comparative approach contrasted the “policing/policy in the books” with “policing/policy in action” and identified tensions and alignments, which is consistent with discursively constructed policing and policymaking in sensitive domains (cf. Holdaway, 1985; Laurie and Maglione, 2020; Maglione, 2022).
Findings
This section presents the empirical findings, entailing a comprehensive understanding of how professionals in and around Dutch intelligence and security institutions interpret, apply, and justify the use of AI, structured in three parts: (1) key themes emerging from the document analysis, (2) main findings from practitioner interviews, and (3) a comparison between policy and practice. These findings reveal how intelligence professionals make sense of AI as a technological enabler, as a governance challenge, and as a security-political force, thereby shaping both its meaning and its use in practice.
“AI in the books”: Official intelligence and policing AI-discourse
The document analysis revealed that there was a shared policy and governance concern with AI’s transformative and potentially destabilizing role within the security domain, consisting specifically of AI as an amplifier of threats, the necessity of oversight and regulation, and the tension between technological innovation and public values.
In the written reality of Dutch governance and scientific recommendations regarding AI and national security, AI is considered a technology that is simultaneously leading to opportunities and risks. In their report on AI-enhanced threats, the AIVD, MIVD, and NCTV (2023) socially construct AI as an amplifier of hostile activity, saying that it accelerates disinformation, cyberattacks, and espionage. They consider AI predominantly to be a “risk technology” that demands prevention-oriented governance. This is also acknowledged, scientifically, by the WRR (2021), which describes AI developments within a geopolitical context as a warning about being technologically dependent on non-European actors that could undermine digital sovereignty and, eventually, national security.
Moreover, the document analysis reveals that there is a narrative about a strong need for greater oversight and regulation of AI within the Dutch security apparatus, including more than just the intelligence service, police, and other public authorities. The “watchdog” CTIVD (2021) raises concerns about automated Open Source Intelligence (OSINT) tools and their potential to alter investigative routines in ways that may compromise privacy or proportionality, calling for stronger mechanisms of human oversight and legal accountability, while acknowledging the difficulty of applying static legal norms to rapidly evolving technologies. This too is scientifically supported by the WRR (2021) as well as Rathenau Instituut (2017), echoing a call for proactive governance. Moreover, the WRR and Rathenau Institute maintain a normative-scientific narrative on public values eroding in the digital age, specifically that transparency, fairness, and autonomy are challenged by AI technologies over which oversight is fragmented. Also, societal legitimacy cannot be secured through technical fixes alone, and thus, they urge, a broader ethical and public debate is necessary on how to align technological development with democratic values.
So, what becomes apparent is that “AI in the books” rhetorically outlines an institutional landscape grappling with AI’s duality, considered a force for enhanced security and a source of new uncertainty. These intelligence and scientific actors reinforce a discourse in which AI is securitized, simultaneously portraying AI as essential for safety and security as well as a catalyst of new vulnerabilities. Moreover, a shift is advocated from reactive regulation to anticipatory state stewardship, including the establishment of coordination mechanisms, algorithm registers, and cross-sectoral cooperation. Altogether, AI is not only a technological matter but also a governance challenge, requiring institutional adaptation and normative recalibration, wherein technology is explicitly framed as socially and politically constructed and its effects are contingent on governance choices and institutional design.
This macro-level understanding of the normative and policy “AI in the books”-environment in which intelligence services operate with the multi-agency policing partners is now compared to the practitioners’ perceptions and practices.
“AI in action”: Everyday intelligence and policing AI practice
The analysis of the interviews with (former) professionals from the AIVD, NCTV, the National Police, the Ministry of Justice and Security, and CTIVD reveals how “AI in action” is understood, negotiated, and enacted within the daily realities of the participants. Five interrelated themes were discovered: the conceptual ambiguity of AI, its perceived role in national security, the restrictions of legal and ethical frameworks, the role of geopolitics, and national resilience/autonomy.
To be or not to be hyped, feared, or controlled?
All the interviewees described AI as an ambiguous concept whose meaning shifts with context. Practitioners said it is a container term, encompassing a spectrum of tools and practices, ranging from data-mining algorithms to machine learning models, often mentioned to signal innovation. This elasticity carries some strategic consequences, they explain. On the one hand, it allows different departments to explore AI creatively; on the other hand, it hampers coherent policy and evaluation. Some respondents emphasize AI’s analytic utility in processing vast data sets, while others perceive it primarily as a geopolitical necessity or as an emergent risk requiring strict containment. Despite these differences, most interviewees agree that AI immerses itself in a space between hype and normalization, which means that it is simultaneously routine and exceptional.
It was recognized that AI has operational value, as it could enhance efficiency and analytic precision in their intelligence analyses, particularly regarding OSINT, pattern recognition, and threat assessment. However, also here, they described AI as inherently double-edged, because while AI may assist intelligence operations, it can also do that for adversaries. Especially the use of AI to blur the line between truth and manipulation, and destabilize trust in information was problematized. They gave examples of how disinformation and deepfakes complicate both public discourse and intelligence validation, creating what some called epistemic fog, as was referred to. Moreover, within agencies, strict data protection requirements restrict model training to lawfully obtained datasets, which can limit accuracy or introduce bias. To mitigate such risks, practitioners argued it is important to maintain human-in-the-loop oversight, which according to them, would ensure algorithmic outputs are critically assessed, contextualized, and validated before informing intelligence decisions. There is therefore a culture of (pre)caution noticeable in their stories, aligning recent observations (Del Castillo, 2024), where the intelligence and security agencies proceed incrementally by favoring small-scale AI-tooling pilots and extensive review procedures to avoid overreach.
One of the anchors of security governance (Loader and Walker, 2007) on AI-application in the national security domain the participants mentioned is the Intelligence and Security Services Act, regarded as both a safeguard and a constraint. It ensures proportionality and oversight, but they also consider it outdated in relation to technological change, partially due to it providing general principles but limited operational guidance, as they expressed. As a result, specialized professional ethics and institutional self-regulation have become important for them to play a central role in defining responsible use. One way to do so, they describe, is through deliberative processes in which efficiency is deliberately traded for accountability and explicability. At the same time, some of them fear that strict regulation may slow European AI-innovation, whereas others view this restraint as essential to maintaining legitimacy. There were several participants who mentioned the possibility of technology-neutral legislation, where rules protect certain principles rather than attempting to anticipate each new tool. In the meantime, they also referred to their reliance on internal ethics boards, pilot evaluations, and interagency coordination to interpret how legal and moral standards apply to the latest AI developments and practices.
AI-geopolitics and autonomous resilience
Consistently, the participants embedded AI in international dynamics and geopolitics, narratively distinguishing between three paradigms: the European “normative” model rooted in rights and ethics, the U.S. “market-driven” model privileging innovation, and China’s “state-driven” model prioritizing control and surveillance. This tripartite comparison structures how they perceive their own strategic positioning: rule of law-based, democratic, and ethical. Moreover, most respondents support the European Union’s risk-based approach embodied in the AI Act, but they also acknowledge clear implementation challenges, and they expressed concern about the risk of technological dependency (e.g. on China). Strategic autonomy, they argue, requires not only regulation but also investment in domestic infrastructure, data governance, and expertise. Some mention small-scale governmental AI initiatives as steps toward digital sovereignty. Yet, even as autonomy is pursued, respondents emphasize that Europe must not sacrifice its normative commitments to compete technologically, because, they argue, losing those values would mean losing the very thing worth defending (through AI-enhanced intelligence and policing).
Finally, respondents situate AI within broader societal transformations, particularly the blurring of “truth” boundaries and the dominance of private technology firms. They are concerned that AI-driven (social) media amplify disinformation, polarization, and “post-truth” dynamics that erode collective trust in societies. This, for them, implies that strengthening societal resilience against AI-enhanced disinformation has become a security objective itself. Several respondents therefore advocate for citizen education, (social) media literacy, and critical thinking as essential counterweights to manipulation. Others are worried about the disproportionate influence of large technology companies, making them stress that AI should be seen and treated as a public good, thus subject to democratic control rather than purely driven by the market. Here, they pointed out a feedback loop: societal vulnerabilities create security risks, which in turn shape how AI is governed. Maintaining public trust therefore requires institutional restraint and civic empowerment, they concluded.
Discussion and conclusion on AI-liminality in intelligence services
Based on our study of how the Dutch intelligence service (AIVD) interprets and deploys AI in multi-agency policing responses to hybrid threats, and how they navigate the resulting tensions between national security and fundamental rights, the findings offer several (theoretical) insights and propositions.
Overall, the Dutch intelligence service and its security partners appear to do their work in a space where AI is simultaneously friend and foe, amplifying analytic precision while generating epistemic uncertainty and societal risk. The studied research population may be interpreted as having to operate within a liminal zone (Horvath et al., 2015; Turner, 1969), being situated in “in-between situations [. . .] characterized by dislocation of established structures, reversal of hierarchies, and uncertainty about continuity and future outcome” (Horvath et al., 2015: 2) where operational, ethical, and legal imperatives collide. This is theoretically illustrative of what we term “AI-liminality,” which becomes visible in the divergence between policy documents that frame AI as a defined risk technology, to be governed in the long term by anticipatory oversight, algorithmic registers, and normative safeguards (CTIVD, 2021; WRR, 2021), on the one hand, and everyday practices, on the other hand, where AI is considered from a short-term perspective as a fluid assemblage of algorithms and models, whose implications appear to shift daily with role, context, and operational necessity. In sum, according to the interviewees, AI is both routine and exceptional, enabling and threatening, and structured and unmoored, altogether indicative of that liminal state.
To unpack this liminal governance space, three divergences between policy and practice can be observed. First, there is a tempo mismatch: policy institutions articulate high-level, proactive reforms, whereas practitioners face immediate implementation dilemmas, including access to lawful datasets, interdepartmental coordination, and the ambiguity of what “AI” precisely entails in their work. Second, their conceptualization of AI differs. Policy texts tend to treat AI as a singular, governable object; in practice, AI is encountered as an elastic, evolving set of tools and expectations. Third, responsibility logics diverge. Policy frames oversight as formal institutional control, while practitioners describe responsibility as a continuous moral practice, being human-centered, reflexive, and contingent. Taken together, these divergences illustrate the provisional and interpretative nature of AI governance, constituting AI-liminality. AI functions as a plural construct, interpreted differently across organizational settings. Trust thereby becomes the connective issue between security and democracy, as legitimacy depends on navigational work that reconciles technological capability with ethical accountability.
AI therefore may contribute to what can be considered experienced AI-liminality, in a temporal and epistemic fashion. Where policy articulates long-term strategic oversight, practitioners are confronted with AI’s immediate dilemmas, such as access to lawful datasets, cross-departmental coordination, and validation of ambiguous outputs. AI-liminality also appears in how AI clarifies while it obfuscates, producing that “epistemic fog” where the distinction between reliable and manipulated information dissolves (Del Castillo, 2024). Whereas they may act as boundary navigators, translating institutional imperatives into morally defensible practice within thresholds of provisional authority (Van Hulst and Yanow, 2016), such ethics, legality, and societal legitimacy appear to be enacted in a contextually contingent manner, performed on-the-go, while a clear security governance anchor is lacking.
Within a multipolar geopolitical context, where hybrid threats, particularly disinformation, and constraints on national autonomy and resilience are perceived to amplify AI’s dualities and vice versa, practitioners’ experience of AI-liminality may be further pronounced. Moreover, in justifying the European rights-based regulation against US market-driven and Chinese state-directed models, they balance technological sovereignty, strategic autonomy, and ethical fidelity. This too creates AI’s semantic fluidity in which “strategic necessity,” “critical technology,” and “risk multiplier” resist codification, producing provisional, context-sensitive governance spaces, thus making AI-enhanced liminality useful as a theoretical lens for understanding AI-liminality both as a structural condition and a generative resource.
In all of this, AI mediates and widens thresholds between operational efficiency, democratic legitimacy, and ethical responsibility. Due to their experience of halted temporality, where innovation, caution, and societal expectation are continuously (re)negotiated, governance seems to function less as a concrete and stable anchor (Loader and Walker, 2007) and more as a performed art. Through their sense-making, it becomes apparent that they are likely to experience AI-liminality, a threshold space where their operational judgment, ethical deliberation, and legal adherence intersect. At that immediacy of AI dualities and AI-liminality, they could encounter occupational anxiety and institutional inertia. If the uncertainty becomes chronic, “the liminal” could have far more fundamentally damaging effects (Saunders, 2020), as it could produce existential strain and loss of meaning, hollowing out interpretive frameworks.
In tandem with potential consequences of AI itself, including the flattening of knowledge and meaning, reinforcing biases, constraining critical inquiry, voiding legitimacy and knowledge, and homogenizing creativity, altogether, it erodes epistemic and interpretive landscapes, while concentrating authority and narrowing the space for critical reflection (Berry, 2025; Humphreys, 2025; Meeker et al., 2025; Shin, 2025). It is exactly that critical reflection which is of utmost importance for intelligence services (Moore, 2011; Sfetcu, 2019; Sinai, 2021), and thus at stake, as the participants indicated when in their advocacy for citizen education, (social) media literacy, and critical thinking as essential counterweights to AI-enhanced manipulation.
In this sense, Heidegger’s (1977) critique remains discerning: modern technology “enframes” reality, reducing phenomena to data points, probabilities, and outputs, while humans, also those in intelligence, become calculable resources, subject to the paradoxical duality of AI as both friend and foe, operating merely through us, while destabilizing us.
Future research and implications for governance
There are several recommendations to be made for future research. Moreover, our findings offer implications relevant for intelligence governance and oversight.
First, comparative intelligence studies (cf. Gill, 2007) are recommended to explore whether and how AI-liminality manifests itself across intelligence regimes that function under varying legal traditions, oversight arrangements, and civil–military relations. This could help clarify whether the AI-liminality we identified is typical of the Dutch context or indicative of a more broadly shared condition of AI-enhanced intelligence work. Given the multipolarity between the Global West and Global East, as well as rising tensions within the Global West itself, specifically between the United States and Europe (Starcevic, 2025), this question is likely to become more important. A second avenue for future research could be the ethnographic exploration of how AI is used – with the assistance of AI! – by modeling or simulating aspects of intelligence practitioners’ experiences, for instance, through natural language processing of anonymized interview data or scenario-based AI simulations (if practically and legally feasible). This could lead to complementary multilayered, participant-observation insights into sense-making with and of AI-enhanced intelligence work. A third suggestion for future empirical research would be to study oversight and professional ethics in AI-enhanced intelligence practices, paying particular attention to how supervisory bodies, legal reviews, and ethics relate to one another in practice. Such research could provide and deepen understanding of how legitimacy, accountability, and epistemic authority are (re)negotiated when formal rules struggle to keep pace with rapidly evolving AI technologies, while also focusing on how governance frameworks enable, shape, and/or affect everyday realities of oversight and operational intelligence work.
Finally, as our study offers a social diagnosis of how AI is navigated in intelligence and security practice, the findings suggest some reflections for policymakers, oversight bodies, and practitioners. Our theoretical conceptualizing of AI-liminality indicates that governance is not merely about rules (compliance) or technical control but also (if not more so) about interpretation, judgment, and negotiation in situ. For instance, oversight bodies might pay closer attention to how ethical dilemmas emerge in everyday AI use, rather than only checking formal compliance; training could improve practitioners’ interpretation of uncertain or conflicting AI outputs, their judgment calls when results are ambiguous, and help them learn to adjust their actions as operational priorities shift; and governance could include proactive periodic reflective reviews to identify unintended consequences, emerging risks, or gaps between policy and practice regarding AI deployment.
Footnotes
Acknowledgements
We thank the anonymous reviewers for their very helpful comments and suggestions.
Funding
The authors received no financial support for the research, authorship, and/or publication of this article.
Declaration of Conflicting Interests
The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
